Feature #16678
Updated by Peter Amstutz about 4 years ago
Add a feature where tokens issued through web login have a default lifetime. An
expiration time of 8 or 12 hours implements a policy where users are required to log in again each day, and limits the amount of time an attacker could make use of a stolen token. The token is prevented from manipulating other tokens.